bendechrai

Say Hello to WebAuthn & Goodbye to Passwords

WebAuthn registration and login flow

navigator.credentials.create
1   Server sends challenge.
2a  (web origin) Browser sends challenge and web origin to the Credentials API to create new login.
3a  FIDO Security Key generates new public/private keypair, and signs the challenge.
4a  FIDO Security Key returns the new public key and signed challenge to the browser.
5a  The browser passes on the new public key and signed challenge to the server.

navigator.credentials.get
1   Server sends challenge.
2b  (web origin)
3b  FIDO Security Key loads the private key, and signs the challenge.
4b  FIDO Security Key returns the signed challenge to the browser.
5b  The browser passes on the signed challenge to the server.

Phishing relies on fake login pages
google.com
Fake Success
g00g1e.com

Multifactor
Passwordless
Phishing Resistant
Performance

Easy to Remember
Hard to Guess/Clone
Easy to Change
Hard to Intercept

Passwords
';--have i been pwned?
SMS
Voice
FIDO Security Key
Access Cards
Authenticator Apps
Push Notifications
PINs
Iris
Client Certificates

Software Engineer for over 20 years
Crazy about Security and Privacy
Developer Advocate at Auth0

Demo Time!

Thank You! Any Questions?
https://ben.sc/auth0
https://ben.sc/webauthn
ben@dechrai.com